Founded in 2013, Quantiphi is an award-winning AI-first digital engineering company, driven by the desire to reimagine and realize transformational opportunities at the heart of business by using science to solve problems for people.
“Currently, Quantiphi does not have a single server on-premises. With its exponentially increasing cloud presence, we needed a better and more unified solution to enhance security, visibility, assurance and compliance. This included proactive controls, risk prioritization and cloud security automation,” shares Amit Dhawan, chief information security officer (CISO) and data protection officer (DPO) at Quantiphi. “Prisma Cloud provides real-time misconfiguration and security insights, and with clients in sectors like banking, healthcare and finance, Prisma Cloud has helped us meet strict compliance standards effortlessly. Quantiphi’s delivery assurance team functions as a quality control unit that typically requires evidence in case of issues. With Prisma Cloud, evidence retrieval is now an automated and proactive process,” elaborates Amit.
Poor visibility across multicloud environment and reactive misconfiguration resolution
There was a growing need to identify the assets they had on the cloud, resolve misconfigurations, and address visibility issues in a multicloud environment. Quantiphi relied on and used a number of their own internal applications.
As they expanded their solutions to customers from the healthcare and BFSI industry, the implementation of a compliance framework became essential. “We were using a security information and event management (SIEM) solution to get logs from different places. However, as our business expanded, we needed a solution that could help us better manage our cloud infrastructure by improving cloud security, providing visibility, and proactively resolving misconfigurations,” says Amit.
Holistic visibility, vulnerability management, and risk prioritization
Quantiphi wanted a solution that could help them overcome the challenges they were facing and meet the following requirements:
- A single integrated platform that consolidates all cloud security components into a single platform for visibility, compliance, and control across a multicloud environment.
- Proactive controls that prevent misconfigurations from being deployed to the cloud.
- Risk assimilation and prioritization.
- Cloud security automation, threat detection, and cloud infrastructure entitlement management (CIEM).
"There was a growing need to identify the assets that we had on the cloud, resolve misconfigurations, and address visibility and security issues in a multicloud environment."
Amit Dhawan
CISO and DPO, Quantiphi
Proactively secure unprotected cloud workloads and provide a unified single pane-of glass visibility
Managing a multicloud environment—consisting of many cloud service providers (CSPs) such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure—proved to be increasingly difficult. “We wanted a consolidated view of our multicloud environment with a unified single-pane-of-glass visibility to assess our risks. We needed consistency in implementing policies on the cloud, regardless of the CSP. Native tools inhibited Quantiphi from prioritizing our risks and addressing them according to their severity. We needed a solution that provides unparalleled visibility and detects any misconfigurations or threats automatically,” elaborates Amit.
Based on Quantiphi’s requirements, eSec Forte Technologies—a partner of Palo Alto Networks—proposed Prisma Cloud for Quantiphi’s Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP). eSec Forte Technologies has delivered several global, large, and complex projects with Palo Alto Networks. Kunal Bajaj, chief business officer at eSec Forte Technologies and his team felt that Prisma Cloud would help Quantiphi manage security controls and compliance. “We provided Quantiphi with detailed demos, POVs, and sizing. This was followed by a detailed implementation plan, including Professional Services and best practices,” says Kunal.
“Collaborating with eSec Forte Technologies has been a seamless experience. Their strong technical proficiency, on-time project delivery, and effective customer management are commendable,” says Amit.
Based on their use cases for cloud security, Quantiphi qualified and tested Prisma Cloud from Palo Alto Networks. “Prisma Cloud is without doubt the market leader for CNAPP, combining CSPM, CWP, and CIEM into a single platform, which is one of the main reasons we selected the solution.” As Palo Alto Networks continues investments into the Prisma Cloud security platform, Amit is heartened to know that the product capabilities are continuously evolving to meet customers’ needs.
In addition to providing visibility, Prisma Cloud ensures that Quantiphi stays ahead of compliance frameworks such as HIPAA, HITRUST, and SOC 2, through proactive management. Quantiphi is committed to be proactive and implement controls before anything is put into the cloud. Amit states, “Prisma Cloud gives us visibility of assets in the cloud and then tells us where we stand for each compliance metric (such as HITRUST, HIPAA, and SOC 2), enabling us to have risk oversight.”
"Prisma Cloud is without doubt the market leader for CNAPP, combining CSPM, CWP, and CIEM into a single platform, which is one of the main reasons we selected the solution."
Amit Dhawan
CISO and DPO, Quantiphi
Cloud visibility and governance
With Prisma Cloud, Quantiphi can assess the present status of any misconfigurations and security exceptions. With the Prisma Cloud dashboard, all the traffic flow is presented through graphic visualization, allowing Quantiphi to monitor the health and security posture of their cloud infrastructure.
Increased compliance and audit data available
Quantiphi provides services to customers from a wide range of industries. However, for customers belonging to the banking and financial services or healthcare sector, there is a need to comply with standards such as HITRUST, HIPAA, and SOC 2. Prisma Cloud helps Quantiphi meet these compliance standards easily. Since all the data gathered with the Prisma Cloud solution is based on aging, the data is ready to be presented for both external and internal audit reviews. Quantiphi has a delivery assurance team that defines baselines for compliance on a particular project. With Prisma Cloud, Quantiphi can easily monitor if the project is meeting the required baseline—even helping business leaders gain visibility into where a particular project stands.
Faster threat detection through automation
Automation has been created by eSec Forte Technologies to enforce policies and guardrails, and identify which platform provides faster threat detection with their existing toolchain. The delivery assurance team at Quantiphi serves as a quality control team and asks for evidence in case of any issues. Instead of being reactive and going back and collecting evidence, with Prisma Cloud, obtaining those pieces of evidence is automated.
Quantiphi continues to collaborate with Palo Alto Networks to include security exceptions into the dashboard so that there is a trigger when something is going astray. While it’s not a current focus, Quantiphi has plans to integrate code-to-cloud security in the future. They maintain a vigilant watch over their cloud security score and are confident that, with the support of Palo Alto Networks, Amit and his team can achieve their desired security goals. The team had set an internal metric of achieving a 95 percent cloud security score and they are currently at around 92 percent with the deployment of Prisma Cloud. Amit confidently says, “The continued partnership with the Palo Alto Networks team will ensure Quantiphi reaches its goals in no time.”
eSec Forte® Technologies are a CMMi Level 3 certified Global Consulting and IT Security Services company with offerings across Cloud Security, Cyber Forensics, Malware Detection, Security Audit, Red Team Assessment, Threat Hunting, Security Operations Control, Penetration Testing, Secure Access Management, Risk Assessment, IoT Security etc.
CERT-INDIA empanelled for providing Information Security Auditing Services. PCI DSS QSA and are authorized by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. www.esecforte.com.